DH uses Debian Sarge, the problem was included in Etch, so we’re cover… but as sarge security suppor cycle ended last march, I expect they had their own security team (or had something similar to what progeny offerted time ago).